18 April 2016

Honey, where have you been?

Do
you want to know where a smartphone has been connected? I
mean … would you like to know what wireless networks have been used
by a smartphone? Is this information useful? It depends on what you
are looking for. From time to time someone might be interested in
gathering information about someone. For instance, where have people,
who are around you, been connected? What is their ISP? where have
they been eating? what places have they visited? What smartphone do
they have? Is he in his house/office right now? etc. Getting this
“public” and “free” information, and use it as you want!!

As you can
guest, there is an easy way to get this information due to the fact
that lots of people always have their Wi-Fi connection enabled in
their smartphones even when they leave their home, office or wherever
or even when they don't need it. However, these mobile devices keep
sending “Probe Request” messages over the air asking for the
whole wireless network list stored
in their smartphones because it is looking for these wireless
networks to connect again. This
wireless networks list is made by
our smartphone with each Wi-Fi we connect because mobile devices
store
all SSIDs we
use by default. Next, we
can see an image with all SSIDs my smartphone has used:

Wireless Network List

What
tool can
we
use to get “Probe
Request” messages?
“Hoover”
is an “old” and free tool,
made in 2012 and writing
in perl language by David Nelissen & Xavier Mertens, that it allows
us to get a
list of SSIDs which
have been used by mobile devices which arenearby.
This script uses the
“channel hopping” technique to change the Wi-Fi channel every 5
seconds within an infinitive loop looking for “Probe Requests”messages. If
we want to use it, we need to configure
our wireless adapter in a monitor mode, and we also have to install
tshark and perl. Next, we
can see an image with the SSIDs and wireless devices which arearound
me:

Hoover

Hoover Results

Of course,
hoover can be improved. For example, dates when SSIDs are discovered
are wrong, it would be great to match MAC addresses with
manufacturers and it would be awesome to know where SSIDs are in a
wireless network mapping like WiGLE.

Once
we know the SSIDs which mobile devices want to connect, what
could be next?
Maybe, turning on a rogue
access point with that SSIDs to
try to get their Wi-Fi passwords, try to analyze their network
traffic and also trying to hack their devices.

If you
don't want to be spied and you don't want anybody breaks your
privacy, delete your unneccessary wireless list of your mobile
devices and turn off your wireless connection when you don't use it,
if not, you are exposing valuable information like where you have
been eating, sleeping, or … everything.

Regards my
friend and remember, drop a line with the first thing you're
thinking.